Skip to content
View ashwinp17's full-sized avatar

Block or report ashwinp17

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
ashwinp17/README.md

Hi, I'm Ashwin Pratap πŸ‘‹

I am a CompTIA Security+ certified cybersecurity professional building hands-on experience in vulnerability assessment, security monitoring, network defense, cloud security, web application testing, and incident analysis.

My portfolio includes practical projects using Kali Linux, pfSense, Metasploitable 2, DVWA, Nmap, Greenbone/OpenVAS, Metasploit Framework, Wireshark, Splunk, Microsoft Azure, Active Directory, and OWASP ZAP.

All security testing documented below was conducted against authorized systems in controlled lab environments.

πŸ” Cybersecurity Projects

Cloud Security Risk Assessment & GRC Simulation

Conducted a cloud security risk assessment of an Azure-hosted Windows Server environment.

  • Assessed risks involving public RDP access, privileged accounts, patching, monitoring, and Azure permissions
  • Calculated risk scores using likelihood and business impact
  • Recommended controls including MFA, RBAC, restricted RDP access, patch management, and centralized logging

View Project

Web Application Vulnerability Scanning with OWASP ZAP

Performed an automated vulnerability assessment against DVWA using OWASP ZAP in an isolated VirtualBox lab.

  • Identified Remote Code Execution and Source Code Disclosure findings
  • Analyzed missing security headers, anti-CSRF protections, and insecure cookie settings
  • Generated a professional vulnerability report with remediation recommendations

View Project

Linux Log Analysis with Splunk

Analyzed Linux authentication logs using Python automation and Splunk SIEM.

  • Investigated authentication activity and suspicious security events
  • Processed log data using Python
  • Created Splunk searches, dashboards, and alerts
  • Documented findings in a security-analysis report

View Project

Azure Active Directory SOC Lab

Deployed and administered an Active Directory environment hosted in Microsoft Azure.

  • Configured Windows Server, Active Directory Domain Services, and DNS
  • Created and managed domain users and organizational units
  • Joined a Windows client to the domain
  • Reviewed Windows Security events related to authentication and account activity

View Project

Network Scanning and Host Enumeration with Nmap

Performed network reconnaissance and service enumeration against a vulnerable Linux target.

  • Discovered active hosts and exposed network services
  • Identified operating-system and service-version information
  • Analyzed open ports, legacy protocols, database services, and remote-access services
  • Used Nmap NSE scripts to investigate potential vulnerabilities

View Project

Metasploit Exploitation Lab β€” DistCC Remote Command Execution

Performed authorized exploitation testing against an intentionally vulnerable Metasploitable 2 target using Metasploit Framework.

  • Selected and configured the DistCC remote command-execution exploit
  • Executed the exploit against the vulnerable service
  • Validated successful remote command access
  • Documented the security impact and recommended remediation

View Project

OpenVAS Vulnerability Assessment

Performed a vulnerability assessment against an intentionally vulnerable Metasploitable 2 target using Greenbone/OpenVAS.

  • Identified and prioritized critical, high, medium, and low-risk vulnerabilities
  • Analyzed an exposed backdoor service that allowed root-level command execution
  • Reviewed affected ports, CVSS severity, security impact, and remediation
  • Preserved the scan report and critical-finding evidence

View Project

Wireshark Packet Analysis

Captured and analyzed ICMP and FTP traffic using Wireshark in an isolated cybersecurity lab.

  • Verified network connectivity through ICMP echo requests and replies
  • Inspected source and destination addresses at the packet level
  • Demonstrated that FTP transmitted usernames and passwords in plaintext
  • Preserved packet captures and supporting screenshots as evidence

View Project

πŸ›  Tools Used Across Projects and Training

Security and Monitoring

  • Splunk
  • Greenbone/OpenVAS
  • OWASP ZAP
  • Wireshark
  • Nmap
  • Metasploit Framework

Systems and Infrastructure

  • Kali Linux
  • Linux
  • Windows Server
  • Microsoft Azure
  • Active Directory
  • pfSense
  • Oracle VirtualBox

Vulnerable Lab Platforms

  • Metasploitable 2
  • Damn Vulnerable Web Application
  • TryHackMe

Scripting and Documentation

  • Python
  • GitHub
  • Markdown
  • Technical security reporting

πŸ“œ Certification

  • CompTIA Security+

πŸ“Œ Current Focus

  • Security Operations Center analysis
  • Vulnerability assessment and remediation
  • Network traffic and log analysis
  • Cloud and identity security
  • Web application security
  • Incident detection and investigation
  • Building a professional cybersecurity portfolio

πŸ“« Connect

Pinned Loading

  1. azure-active-directory-soc-lab azure-active-directory-soc-lab Public

    Azure Active Directory lab featuring Windows Server, DNS, domain authentication, user administration, connectivity testing, and security event monitoring.

  2. linux-log-analysis-splunk linux-log-analysis-splunk Public

    Linux authentication log analysis using Python automation and Splunk SIEM.

    Python

  3. network-scanning-host-enumeration-nmap network-scanning-host-enumeration-nmap Public

    Nmap host enumeration and vulnerability scanning lab performed in an isolated VirtualBox cybersecurity lab

  4. owasp-zap-dvwa-vulnerability-scan owasp-zap-dvwa-vulnerability-scan Public

    Automated vulnerability assessment of DVWA using OWASP ZAP in an isolated VirtualBox lab with Kali Linux, Metasploitable 2, and pfSense.

  5. cloud-security-risk-assessment-grc-azure cloud-security-risk-assessment-grc-azure Public

    Cloud security risk assessment and GRC simulation using an Azure-based business scenario.